Password Manager

I am thinking of using a password manager.

Two products seem to be recommended: Keepass or LastPass.

LastPass seems to be far easier to use, but I have difficulty in understanding why people trust a cloud based system with their sensitive information.

My question is Can I trust their cloud?

Thanks

Ps. I use websites that use passwords, I might use it for banking - only if absolutely convinced.

 

Hi,

Cloud-based services are usually more secure than your personal PC. So yes, storing information on a server somewhere is going to be more secure than storing that same information on your personal computer.

On that note, I personally would NOT store a banking password, either on my personal computer OR a cloud-based system. Just remember, though, that most browsers now even use cloud-based backup for passwords, etc. as well. So, if you save passwords in your browser, and have the cloud service enabled on that browser, you're already storing those passwords in a cloud environment.

 

Thank you for responding.

An interesting post. I have also posted on other sites and people there have said that they see the problem of cloud systems resting with the staff. I think they mean, can the staff be trusted.

I will probably use a cloud system, as it seems easier to manage. However, banking passwords are best kept privately (in ones head).

Best wishes.

A

 

Regarding lastpass.

It uses a master password.

If hackers can access this password then presumably they can access all sites. Is this not a weakness, or am I missing something.

Thanks

 

You can create a very strong master password and feel safe that it will not be exposed.
Make it something that means something to you personally that others do not know.
Use some numbers, lower and uppercase letters and a couple of special characters.

Why Use LastPass

 

Thanks for responding.

If hackers can somehow gain access to the master password, through a key logger, or some other device, then presumably it does not matter how secure the password, they will have it!

I also note that lastpass appears to print the e-mail address, again this could be captured and aid the hacker?

I note that lastpass can utilise multi-factorial login (x2). However, it does look like a 'bit of a job' - people want to login in conveniently.

The progamme can also use mouse clicks, can these not be detected as well?

It also occurs to me that lastpass uses a browser plugin, I wonder if this could be compromised by a hacker so that on download a user could be downloading a malware programme. I suppose that downloading the plugin from lastpass only (and its updates) would eliminate this possibility- I assume that they have secured their server to avoid this possibility.

Best wishes.

A

Best wishes